CVE-2026-1060

The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permissioncallback set to returntrue, allowing unauthenticated attacke...

CVE-2025-68593 WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

CVE-2025-68592 WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through = 4.0.6.1...

WordPress plugin WP Adminify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin WP Adminify versions = 4.0.6.1...

WordPress plugin WP Adminify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2023-44266

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jewel Theme WP Adminify plugin = 3.1.6 versions...

CVE-2023-44266

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jewel Theme WP Adminify plugin = 3.1.6 versions...

CVE-2023-44266

CVE-2023-44266 refers to a Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin for WordPress, affecting versions up to 3.1.6. Exploitation requires authenticated admin-level access (admin+). The issue is triggered via the plugin’s admin interface, enabling stored XSS...

CVE-2023-44266 WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jewel Theme WP Adminify plugin = 3.1.6 versions...

PT-2023-27530 · WordPress · Wp Adminify

Name of the Vulnerable Software and Affected Versions: WP Adminify WordPress plugin versions prior to 3.1.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, fo...